
Rewterz Threat Advisory – ICS: Siemens SINEC NMS and SIMATIC

Severity

High

Analysis Summary

CVE-2021-38418

The affected product runs over HTTP by default, which may allow an attacker positioned in the traffic path to perform a machine-in-the-middle attack and access information without authorization.

CVE-2021-38428, CVE-2021-38488, CVE-2021-38407

The affected product is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.

CVE-2021-38403

The affected product is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.

CVE-2021-38411

The affected product is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.

CVE-2021-38424

The tag interface of the affected product allows an attacker to inject formulas into the tag data. Those formulas may then be executed when the tag data is opened with a spreadsheet application.
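The following is an added example, not code from this advisory or from the vendor: a generic export-side mitigation for the formula injection described above, which flags and neutralizes formula-like cells before tag data is written to CSV. The function names, column layout and sample rows are hypothetical and constructed for illustration.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as "-12.5" are data, not formulas.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(value):
    """Return True if a spreadsheet could evaluate this cell as a formula."""
    if not isinstance(value, str) or PLAIN_NUMBER.fullmatch(value):
        return False
    # Some importers ignore leading spaces, so look past them.
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize(value):
    """Prefix formula-like cells with an apostrophe so they render as text."""
    return "'" + value if is_formula_like(value) else value


def export_tags(rows):
    """Write rows to CSV text; return (csv_text, flagged_cells).

    flagged_cells lists (row_index, column_index, original_value) so the
    injection attempt can be logged and reviewed, not just silently escaped.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    flagged = []
    for r, row in enumerate(rows):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                flagged.append((r, c, cell))
        writer.writerow([neutralize(cell) for cell in row])
    return buf.getvalue(), flagged


# Constructed sample tag data (hypothetical layout: tag, value, description).
SAMPLE_ROWS = [
    ["tag", "value", "description"],
    ["Pump1_Speed", "-12.5", "normal reading"],
    ["Valve3", "1", "=1+1"],
    ["Tank7", "0", "  @SUM(A1:A2)"],
]

if __name__ == "__main__":
    text, flagged = export_tags(SAMPLE_ROWS)
    print(text)
    print("flagged cells:", flagged)
```
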

CVE-2021-38422

The affected product stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.

CVE-2021-38416

The affected product insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

CVE-2021-38420

The affected product’s default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

Impact

  • Unauthorized Access
  • Remote Code Execution
  • Privilege Escalation
  • Exposure of Sensitive Data

Affected Vendors

  • Delta Electronics

Affected Products

  • DIALink: Versions 1.2.4.0 and prior

Remediation

Refer to CERT-Advisory for patch, upgrade, or suggested workaround information.

https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02